Vulnerability in Oracle PeopleSoft Products Affecting SCM eProcurement Component
CVE-2018-2731

5.4MEDIUM

Key Information:

Vendor
Oracle
Status
Peoplesoft Enterprise Scm Eprocurement
Vendor
CVE Published:
18 January 2018

Summary

An inadequately secured component in the PeopleSoft Enterprise SCM eProcurement system from Oracle allows attackers with limited privileges to exploit vulnerabilities over HTTP. This flaw can lead to unauthorized modifications, including updates, insertions, or deletions of sensitive data, as well as the ability to read confidential information stored in the system. Supported versions 9.1 and 9.2 are particularly vulnerable.

Affected Version(s)

PeopleSoft Enterprise SCM eProcurement 9.1

PeopleSoft Enterprise SCM eProcurement 9.2

References

http://www.oracle.com/technetwork/security-advisory/cpuja...
x_refsource_CONFIRM
http://www.securitytracker.com/id/1040204
vdb-entryx_refsource_SECTRACK
http://www.securityfocus.com/bid/102610
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.